Hackeriet

User Tools

Site Tools

You are here: start » infra » hosts » ingress
infra:hosts:ingress

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
infra:hosts:ingress [2026/05/25 21:47] – Document nginx ingress runbook atluxity_idp.hackeriet.noinfra:hosts:ingress [2026/05/26 04:45] (current) atluxity_idp.hackeriet.no
Line 33: Line 33:
   * ''/etc/nginx/conf.d/hackeriet.no.conf''   * ''/etc/nginx/conf.d/hackeriet.no.conf''
  
-The file contains an operator note for adding new proxied services:+The file contains an operator note for adding new proxied services.
  
-  - Add the upstream hostname to ''/etc/hosts'' if needed. 
-  - Copy an existing nginx ''server'' block. 
-  - Replace ''$SERVICE'' with the configured DNS hostname. 
-  - Run ''certbot -d $SERVICE.hackeriet.no --nginx''. 
-  - Configure the downstream host. 
- 
-Example upstream pattern observed in the config: 
- 
-<code> 
-proxy_pass https://app-01.hackeriet.no; 
-proxy_set_header Host $host; 
-proxy_set_header Referer $http_referer; 
-proxy_ssl_trusted_certificate /root/cert/app-01.crt; 
-proxy_ssl_verify on; 
-</code> 
- 
-===== Network ===== 
- 
-Observed DNS on 2026-05-25: 
- 
-  * ''ingress.hackeriet.no'' A: ''185.35.202.240'' 
-  * ''ingress.hackeriet.no'' AAAA: ''2a02:ed06::240'' 
- 
-Observed host addresses on 2026-05-25: 
- 
-  * ''ens18'': ''185.35.202.240/32'', ''2a02:ed06::240/64'' 
-  * ''ens19'': ''10.10.50.50/24'' 
- 
-Treat these as emergency orientation only. NetBox should remain the source of truth for address assignments. 
- 
-===== Operating system ===== 
- 
-Observed over SSH on 2026-05-25: 
- 
-  * OS: ''Rocky Linux 9.5 (Blue Onyx)'' 
-  * Kernel: ''5.14.0-503.35.1.el9_5.x86_64'' 
- 
-===== Key services ===== 
- 
-Observed running services on 2026-05-25: 
- 
-  * ''nginx'' - HTTP reverse proxy 
-  * ''firewalld'' - host firewall 
-  * ''kanidm-unixd'' and ''kanidm-unixd-tasks'' - Hacker-ID Unix integration 
-  * ''sshd'' - SSH access 
-  * ''chronyd'' - time sync 
-  * ''rsyslog'' - system logging 
-  * ''qemu-guest-agent'' - guest integration 
- 
-No failed systemd units were observed at that time. 
  
 ===== Credentials ===== ===== Credentials =====
- 
-Do not paste secrets into the wiki. 
  
 Relevant ''hackeriet/pass'' entries: Relevant ''hackeriet/pass'' entries:
  
   * ''root@ingress.hackeriet.no.gpg''   * ''root@ingress.hackeriet.no.gpg''
- 
-If root or service credentials are needed, look in ''hackeriet/pass'' and keep decrypted values out of the wiki. 
  
 ===== Checks during incidents ===== ===== Checks during incidents =====
Line 119: Line 65:
  
 DNS checks from another machine: DNS checks from another machine:
- 
-<code> 
-dig +short ingress.hackeriet.no A 
-dig +short ingress.hackeriet.no AAAA 
-dig +short ip.hackeriet.no A 
-dig +short nms.hackeriet.no A 
-</code> 
  
 If SSH is unavailable, verify the console or recovery path in NetBox or another active source of truth. If SSH is unavailable, verify the console or recovery path in NetBox or another active source of truth.
  
/srv/hackeriet-wiki/dokuwiki/data/pages/infra/hosts/ingress.txt · Last modified: by atluxity_idp.hackeriet.no